On 11/2/20 9:45 PM, Vit Mojzis wrote:
> when investigating a bug report [1], I found that homedir context
> definitions (specified in .fc file) are changed based on the
> corresponding user (selinux user, role and mls level from the context
> definition are replaced - [2]).
> While replacing the selinux user and role makes sense, I'm wondering if
> the mls level from each homedir context definition should instead be
> compared to corresponding user's mls range (and either kept or replaced
> to ensure given user has access to it).
>
> I have no problem with writing the patch, but I could use help
> understanding what the correct behaviour should be (and why).

I would also be interested in a patch that allows specifying the "user
level" i.e. the mls part of home directory file contexts as a range.

In my policy objects can also have a range where low specifies the
confidentiality level and high the integrity level of a file, and it
would be quite useful to have user directories default to low-high.

I might have already posted something about this to the mailing list but
I'm not sure.

--
bauen1
https://dn42.bauen1.xyz/